Tag Archives: security

Friend Alain Baudrez wrote a fabulous review of the upcoming “Unity” Ubuntu. Reading it and seeing the screenshots that he provided immediately struck me that the folks at Ubuntu are aiming for the clouds… cloud computing, that is. We’ve ranted… er, I mean discussed this here before, if you remember.

I’m still a firm believer in keeping my head (and my data and apps) on my own desktop on my own media on my own systems. I just don’t trust cloud security at this time. Yeah… I keep my money in a bank. I even do online banking. However, since I rarely have more than $18.53 in any of my accounts, what’s the risk? But man! I don’t want to lose those tin-foil hat designs or my mp3s. You know what I mean?

Previously, in THIS article, I wrote about my thoughts concerning cloud computing. You may remember that I wasn’t too hip on the idea.

On the heels of my article, James Maguire published a fantastic article at DataMation entitled How Cloud Computing Security Resembles the Financial Meltdown. Mr. Maguire basically rips cloud computing security with much more precise and informed language than I used in my original article. You gotta’ read this guy.

Maguire begins:

When they make claims about their nearly absolute level of safety, should you just…take their word for it?

Hello suckers!

He continues:

Goodness no, say the vendors, we’ve got a third party certification to back up our claims. Specifically, they point to their SAS 70 certification. SAS 70 is a set of auditing standards used to measure the handling of sensitive information.

Oh? But wait… there’s more:

Guess who writes a check to the SAS 70 certifiers? Believe it or not, it’s the vendors themselves. If you were a cynical, non-trusting type (which you should be if your company’s data is at stake) you might wonder…isn’t that a conflict of interest? Don’t accounting firms have a vested interest in granting SAS 70 certifications to those cloud computing vendors who can pay for them?

Ooooh! Gotcha! This is just un-effing-believable to me. It would be like letting the U.S. Congress police themselves… er, wait… we do allow them to do that. Uh-oh! Seriously, if this is what security is going to be like in the cloud, I’ll just keep my fat arse here on the ground.

I just finished reading a not-so-surprising, but still disturbing article on Ken Starks’ Blog of Helios called Is Linux Brand Poisoned?

Here’s a bit:

I queried 109 people. People who either owned, managed or worked as Executive Assistants to those in small to medium-sized businesses.

And for full disclosure, there were 144 businesses or people I approached that would not take part in this survey.
Of that 109 that did, I asked each of them a few simple questions:

144 declined to take part? What’s up with that? Anyway, Ken asked:

What is Linux?

Here’s what he got for answers:

Of the 109 people asked, 71 did not know. 24 of them responded with the generic equivalent of “It’s some sort of computer program”. The remaining number were able to accurately describe Linux as an operating system or a server solution.

Fully 65% had no clue what Linux was. HA! And some people think Microsoft is feeling threatened by Linux? That’s rich. 65% is about the same percentage of ignorance that I run across in my own experiences when the topic of Linux comes up in conversation. So, 6.5 folks out of 10 are not out to hack/crack/corrupt Linux. That’s good news, huh? Guess how many folks know what MS Windows is? Heh!

Very rarely does anyone ask for less bang for the buck. Linux’s inherent security aside; if you’re snot-nosed, pimply-faced 13 year old cracker Yuri Titov, do you really want to spend weeks designing and coding a bug that once released will only affect 1% of all the computers in the world? (1) See what I mean… security by obscurity? If Linux ever develops market share numbers even 1/2 of MS Windows, Yuri and his pals will start getting more interested, sadly.

Ken goes on to say:

It would be easy to draw several conclusions from this focus…and maybe they would many times be incorrect. This was nowhere near scientific, nor was it done within any controlled environment.

It was simply an attempt to see what the enterprise, at least in a limited way, thinks about Linux as opposed to what they currently use. In their mind, does Linux equate to difficult or geeky? Does the mention of Linux conjure images of complex terminal environments and limited scope and scalability? Do these notions poison the Linux brand in the applicable market place?

It would seem…

It was an interesting survey, scientifically performed or not, as was the entire article. Give it a read.

More twaddle from the crotchety old geek, who needs to get with the program here. Or does he?

OK, here’s the scenario… Mr. Honor N. Integrity decides that he’s going to offer a service to folks. He prints up some flyers, places a few ads here and there, and rents a big safe that he has delivered to his new office in the strip mall on Mercantile St. You can’t miss him. He’s right in between Joanie’s Retro Punk Dress Shop and Bubba’s Jailhouse Tattoos.

So, what service is Mr. Integrity offering? Well, lemme tell ya’ about it. For a nominal fee, Mr. Integrity is going to take possession of your wallet or purse, your personal papers, your children’s personal papers, your partially finished draft of that really cool detective novel you’re writing, grandma’s will, and weird uncle Bob’s tinfoil hat designs. He’s going to catalog them and store them in that big safe for safekeeping. You can have access to it any time, as long as the electronic lock on the safe isn’t being updated or oiled. Cool, huh? Yeah… right.

This, folks, is pretty much what the newest craze in the techie world is all about. It’s called cloud computing. What happens when you’re computing in the cloud? You’re sitting at home in front of what has basically devolved into a dumb terminal. All your applications, games, personal data, pictures, illegally ripped MP3s, copies of weird uncle Bob’s tinfoil hat designs, etc. are stored on a server owned by Megaputer, Inc.*, a wholly owned subsidiary of ShadowSystems, LLC*, located in Bangladesh.

You’ve paid your yearly subscription fee for this service. You’ve read the TOS and EULAs. You have spoken with support tech “Steve” in New Delhi, India about the Super-Dooper Ver. 5.2 security system they have installed on their servers. You’re comfortable with all this. Good for you, you dummy. I bet you’re the same type who believes everything the doctor tells you without even the slightest need to question him.

Here you go… you sit in front of your system with the intention of banging out a couple chapters of that detective novel tonight. You’re at a really good part with lots of shooting and stuff. You fire up your dumb terminal and navigate using your Megaputer browser to your login screen so you can access YOUR STUFF. Oopsy! Page Not Found. Whaddya’ gonna’ do now, hmm? Call Steve in New Delhi, huh? OK. Steve tells you that the server is down for maintenance, but the real fact of the matter is that a 13 year old cracker named Yuri Titov has won a 1000 ruble bet with his buddy Vasily by breaking the Super-Dooper Ver 5.2 security system. COOL, huh? By the way, Yuri stole all your illegal MP3s and uncle Bob’s tinfoil hat designs. Hope you had those patented.

Sorry folks, computing in the clouds just ain’t for this old geek. I want MY STUFF on MY SYSTEM. Y’all are free to make your own choices.

Until next time… remember, doctors fork up too.

~Eric

*These are fictitious companies created 100% within the warped mind of the author. Any resemblance to real companies like Google, IBM, or Microsoft is purely in YOUR own head.